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FLEXIBLE SIM-BASED DRM AGENT AND ARCHITECTURE 

TECHNICAL FIELD OF THE INVENTION 

The present invention relates to digital rights management (DRM) for managing 
digital content ordered and distributed over networks such as the Internet. 

BACKGROUND OF THE INVENTION 

The distribution of digital content or media data using modem digital communication 
technologies is constantly growing, increasingly replacing more traditional distribution 
methods. In particular, there is an increasing trend of downloading or streaming digital 
content from a content provider to a user, which then typically renders or executes the 
content using a rendering or executing device according to some usage rights or rules 
specified in a license associated with the digital content Due to the advantages of this 
form of content distribution, memding being inexpensive, fast and easy to perform, 
applications can now be found for distribution of all types of media such as audio, 
video, images, electronic books and software. 

However, with mis new way of distributing digital media content comes the need for 
protecting the content provider's digital assets against unauthorized usage and illegal 
copying. Copyright holders and creators of digital content naturally have a strong 
economic interest of protecting their rights, and this has lead to an increasing demand 
for digital rights management (DRM). DRM is generally a technology for protecting 
the content provider's assets in a digital content distribution system, including 
protecting, monitoring and restricting the usage of the digital content as well as 
handling payment A DRM system thus normally includes components for encryption, 
authentication, key management, usage rule management and charging. 
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The most basic threats to a DRM system include eavesdropping, illegal copying, 
modification of usage rules* and repudiation of order or delivery of content Most of 
these basic security problems are solved by standard cryptographic techniques, 



5 distinguishes the security problems of a DRM system from other general security 
problems is that not even the other end-part of the communication (the end user) is 
completely trusted. In fact, the end-user might want to try to fraudulently extend his 
usage rights, for example rendering the media content more times than he has paid for 
or illegally copying the digital content to another rendering or executing device. 

10 Therefore, some form of rule-enforcement is required in the user's rendering or 
executing device. To this end, a tamper-resistant circuit and some formal language, 
such as XrML, expressing the usage rules are commonly used together with the basic 
cryptographic techniques mentioned above. 

15 Unfortunately, it now and then happens that die algorithms in the tanqper-resistant 
DRM circuits are hacked, and a piece of software that successfully cracks some vital 
part of tho DRM security of a particular type of rendering device is openly distributed 
From die viewpoint of the content provider, this makes all die rendering devices of this 
type unsecure for DRM purposes, and die content provider may have to stop providing 

20 digital content intended for these rendering devices, and instead use another algorithm 
that has not yet been hacked. Recalling and replacing all the concerned rendering 
devices is obviously very expensive for the manufacturer/content provider. 

A robust DRM system will make copyright holders more willing to distribute their 
j& material and offer a wider selection of content for end users over open, untrusted 
; *. channels such as the Internet It will also provide business opportunities for network 
operators to provide the infrastructure for distribution, charging mechanism and so 



including encryption, authentication and key management However, what basically 



forth. 
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Another problem is that it is often difficult, sometimes even impossible, to move 



media content from one tendering or executing device to another. The media usage 



The present invention overcomes these and other drawbacks of the prior art 
10 arrangements. 

It is a general object of the pres ent invention to provide a robust DRM system* 

It is another important object of the invention to provide a very flexible and relatively 
1 5 secure client solution for digital rights management (DRM). 

Yet another object of the invention is to provide a DRM method allowing die network 
operator to be more active in establishing and maintaining DRM functionality. 

20 These and other objects are met by the invention as defined by the accompanying patent 
claims. 

The basic idea according to the invention is to implement a DRM agent into a network 
subscriber identity module intended for cooperation with a client module capable of 
25 receiving digital content The DRM agent generally includes DRM functionality for 
enabling usage, such as rendering or execution, of (encrypted) digital content provided to 

« • - 

* " V die client from a content provider. 

* . • 

;*■*; In general, the DRM agent inohides functionality for cryptographic processing of DRM 
:5Q: metadata associated with the digital content to be rendered or executed. This metadata 



5 



license is often associated with a single device, and if the user wants to use the content 
in another device, he needs a new license. This is a cumbersome procedure for the 
end-user, and reduces the flexibility in the user's media system. 



SUMMARY OF THE INVENTION 
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may for exassopfe be m m®^tiawJ&emyp1km key as well as fbe encsypted digital content 
itself. Noraaaly, the DSM agent includes som© basic functionality for mo?© or less 
ditecHJy generating or extracting a decryption key to lb© issed for decrypting tike encrypted 
" digital content It is also possible to integrate the actual decryption of the digital content 
5 into the DRM ageat, as well as ftmcldonaBty for rale-^ossemenfL 

The network sdbscrfber identity module is not limited to the steadard SIM cards msed in 
GSM (Global System for Mobil© Cosnmisniicafions) mobile telephones but can be any 
netwcsk subscriber identity naodtole fcaowa to the art, including also UMTS (Universal 
10 Mobile TeleccammmricaJions System) SIM, WAP (Wireless ApplcaSion Protocol) SIM 
and ISM (Internet Multimedia Services Idessfity Module) mcdutes. It is especially mxMd 
that tibe invention fits well into the esnesging WAP-DRM gfoandasdL 

Mtfhowgh libe invention is prnJaodairly saaitable for mobile wits and mobile DRM* the 
II S invention is not limited to mobile phones and conaKmrnScators. Tfee invention can be used 
widii any clentt modWe, including comreational PC systems. 




In most staadkondSzed SM ssaodaies, &e BRM agent may interface saihentficaiion and 
keying algorithms pEe-exis«ing on the SIM, reusing fihe subscriber-t^efiator relation 
20 manifested by the shared ascription key. The sabscriber^srato: relation may also be 
uased for charging in the ovaraH DRM system. 

. . It has been s^cognized that it is psrtieBlarly advantageous to implement the DIM agent 

. as an application in the application envtaament provided by the network smtoentar 

..25 identity module's application fiooMt. The D3RM application agent can be pesprograrained 

*• into 4h© toolkit appKcaSaon ejavisxjnsnenfij, or sesurdy (ps^fes&bly authenticated and 

•:- encrypted) downloaded tffcom a oetwork operator associated with the subscriber identity 
xnodnle. The toolkit application enviaonment is not the same as a tirae temper sesastaifflfc 

*„-. : circuit, bust it is far mow sectxre than perforating t£he DRM processing in a hostile PC 

••3CP (peirsonaB computer) environment, and mose Enable fero raising hasfd-wised tamper 
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resistant circuits. For example, if a security flaw is found or if the whole DRM agent is 
hacked, the functionality is easily replaced or upgraded (even or the air interface) by a 
new DRM agent It should be understood that although a software agent is particularly 
beneficial, it is also possible to have die DRM agent premanufactured as hardware in the 
5 network subscriber identity module. 

The proposed solution provides increased flexibility for the end-user as well as the 
content provider and/or network operator. The netwotk subscriber identity module is 
easily replaceable (even remotely upgradeable), "portable" between different rendering or 
executing devices as well as relatively secure. 



Another interesting functionality suitable for implementation in the DRM agent is 
certification and registration of rendering or executing devices in the network subscriber 
identity module, preferably including functionality for ensuring secure transfer of the 
content-decryption key between the DRM agent and foe actual rendering or executing 
device (assuming that the content-decryption takes place in foe rendering device). 
Certification and registration is particularly important when the subscriber identity 
module is moved between different rendering or executing devices, or when using stand- 
alone rendering or executing equipment 

It is also beneficial to have foe network operator (in processing a media order) and/or a 
content provider (in processing a request for content) authenticate that foe network 
subscriber identity module used with the client includes a compliant DRM agent 



From the end-user point of view, the invention provides flexible and upgradeable 
implementation of DRM agents, as well as "portability" between different 
rendering or executing devices. 
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A manufacturer of rendering or executing devices (players) can easily configure 
players to run with an external DRM agent 

A network operator can efficiently manage and upgrade DRM agents connected 
to the network, and the invention also opens up new business possibilities for fre 
5 operator acting as a trusted center for content distribution. 

* 

Other advantages offered by the present invention will be appreciated upon reading of the 
below description of the embodiments of the invention, 

10 BRIEF DESCRIPTION OF THE DRAWINGS 

The invention, together with further objects and advantages thereof; will be best 
understood by reference to the following description taken together with the 
accompanying drawings, in which: 

15 

Fig. 1 is an overview of a digital rights management system for ordering digital 
content over a network illustrating the relevant parties and their mutual relationships; 

Fig. 2A schematically illustrates a client module according a preferred embodiment 
20 of the present invention; 

Fig. 2B schematically illustrates a subcriber identity module according a preferred 
embodiment of the present invention; 



-2p Fig. 3 is a flow diagram illustrating a digital rights management method according 

to a preferred embodiment of die invention; 



Fig. 4 is a schematic diagram illustrating an example of client-operator 
authentication key agreement client-side digital rights management, as well as the 
associated client-operator communication; 
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Fig. 5 illustrates a subscriber identity module and an associated Tendering device 
according to an embodiment of the invention; 

Fig. 6 illustrates a subscriber identity module and an associated rendering device 
S according to another embodiment of the invention; 



operator, a SIM, a content provider and a rendering device; and 

Fig. 9 is a schematic block diagram of relevant parts of a DRM system operating 
based on the protocol of Fig. 8. 



DETAILED DESCRIPTION OF EMBODIMENTS OF THE INVENTION 

The present invention is generally applicable to digital rights management (DRM) used 
in a digital content ordering and distribution system. In such ordering and distribution 
20 system, digital content or media is provided from a content provider to a client over a 
network, e.g. Internet or a wireless network ibr mobile communication, managed by a 
network operator. In order to facilitate understanding of the invention, a brief discussion 

* of the general DRM functions follows. As was mentioned in the background section, 
DRM is used for protecting the copyright holders * assets in a digital content ordering and 
25 distribution system. In this system, DRM typically regards authentication and key 
management, usage rights management and charging. These DRM functions are 
implemented in DRM modules arranged in the relevant parties, i.e. for example in a 

" client module, in a server of the network operator and in a media or content server of the 

: content provider. 



Fig. 7 illustrates a subscriber identity module and an associated rendering device 
according to yet another embodiment of the invention; 



10 



Fig. 8 is a schematic diagram of an example of a DRM protocol involving an 



15 



30 
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Starting with authentication and key management, authentication Is used to identify the 
parties m the digital content ordering and distribution process. Techniques well known in 
' the art, such as message authentication and digital signatures using csyptograglhic keys 
[1], may be employed for authentication. In addition, tectaiques for marking or stamping 

5 digital content, so that it can be tracked during the delivery process and subsequent 
- usage, may be used Watennaaking and fingerprinting arc two techniques that usually 
are employed for content marking. The DRM modules in 4he system also transport, 
store and generate, in a secure way, cryptographic keys for use in the digital content 
ordering and distribution process. The keys are employed for ciryptogEapMcaEy 

10 protecting messages, including the actual digital content, during the delivery over the 
nefcwosk. 



The DRM modules also perform usage rule management, including rule-enforcement 
The ordered digital! content is associated with a license or digital permit specifying the 
15 client's usage rules and rights of the obtained digital media. This form of management 
is about the digital content itself and deals with issues such as, who gets it, how is it 
delivered, how may it be used, how many times may it b© used (rendered, executed, 
saved, forwarded, copied and or modified), how long does the sights last, who gets 
paid, how much they get paid and how. Some or all of these issues are specified fen the 
20 license, which may be delivered together with the digital content. In order to describe 
the usage rules, special languages called rigjifis languages have been developed Two 
of the most prevalent rights languages used today aire Rights Markup Language 
(XrML) and Open Digital Rights Language (ODRL). In the client's rendering or 
executing device, the DRM module is implemented to ensure that the usage, most 
: 25 often rendering, follows what is described in the usage rules and to prevent repudiation 
of the digital content 

[ Finally, charging management generally refers to the procedure of the actual payment 
: for usage of the digital content Several different techniques are rased, such as credit 
; 30 card techniques for payment over internet or payment through a subscription. 
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. A digital content ordering sad distribution system incorporating DIM functions is 
• schematically depicted in Fig. l s which illustrates the relevant parties sad fhrir mutual 
relationships. The system typicaly includes a client having access to a network through 
an agreeme^ e.g. a subscription, wish a network operator. This ck^t-operator toast 
5 relation is usually manifested in a cryptographic relationship, i.e. sharing symmetric keys 
oir having access to each other's public keys (certified by a commonly trusted party), if 
asymmetric oryptography is used A trust relationship is also present between the 
network operator and the content provider, but in the form offabustoess agreement. This 
agreement could be manifested by a simator key sharing and/or key access as described 
10 tor the client and network operator above. However, between the client and the content 
provider, an induced trust relatioaship is established each time the client obtains digital 
content the content provider. This induced trust is manifested in a session key used 
for cryptograpMcally protesting the digital content as it is transmitted to the client over 



IS 



In a typical content ordering and distribution process, the cleat firstly connects to the 
network operator. The operator then aui&eaticates the client and possibly verities that the 
client has a valid DRM agent for managing DEM metadata, such as usage rules, 
encrypted data and keys, associated with the digital content. The client chooses digital 
20 content or media and specifies some elent^ectable usage rules to be vald fa the 
media, for example rendering the media a selected «tar of times or during a given 
period of time, to the present description, digital content refers to digital data that cambe 
downloaded or streamed over a network for usage in a client module, and thus includes 
fer example audio, video, images, electronic books and other electorate test material as 
25 well as software (application programs, computer games, and so forth). Other types of 
usage of the digital content than rendering or execution includes forwarding, saving, 
eopykg and possibly modifying the digital content to the folowtog, the invention will 
mainly be described with reference to rendering of digital content It should though be 
understood that the invention is not limited to rendering of audio, video and text, but 
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covets amy usage or consumption of media content, lacliidiaig executioa off appUcation 
programs and compute? games. 

Aa older is then placed to the operator, which writes and encrypts a ticket specifying me 
5 ordered corient and me usage rme&^ 

decrypts the ticket and extracts a session key from the received ticket The lieket can be 
decrypted by conventional cryptographic means, e.g. using a key of a symmetric or 
asymmetric key pair associated with me client and the netwonk operator. This decryption 
key is preferably the cUentoperator subscription key, a special DRM key associated with 
10 me DRM agent, or a key derived from these keys. The extracted session key will 
eventually be used for decrypting me digital media from me content provider. The client 
also receives a copy of the ticket encrypted with me operator-conteM provider agreement 
key (or a key derived merefirom). This ticket copy is forwarded to tihe content provider, 
where me session key is extracted after the validity of me ticket has been checked. 
IS Thereafter, the content provider delivers me ordered digital content cryptograpmcally 
protected by the session key to me client, earner as downloaded data or streaming data. 
Finally, a rendering or executing device in me client decrypts me digital content by me 
previously extracted session key. The digital content can now be used, e.g. rendered or 
executed, by the client or an associated device according to me usage rules. Further 
20 information regarding DRM systems and ordering and distribution of digital content can 
be found in [2], as well as in P]. 

/ The overall content ordering and distributioa process discussed above is merely given as 

\ . a simplified example for conveying a general image of such processes. In order to 

J 25 increase foe security, mcneau^ 

V addition, me client Wd pay for the ordered content, so biffing and charging steps are 

'/ : most often present in me ordering process. Such a charging may be performed by a 

• : J subscription to me network operator, by sending me client's credit card number to me 
^ojk operator or a dedicated billing instate managing me charging of digital content, 

!> 30 or by some other means, to addition, me metwoik operator may W™ de &e aetwork 
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and the digital content and hence acts as both operator and provider at the same time. 
However, the operator then typically has a dedicated content server and a dedicated 
operator servo:, so that (he parties illustrated in Fig. 1 are present although the network 
operator also manages the content providing services. In some applications, e.g. WAP 
5 (Wireless Application Protocol) applications, it is also possible that another client may 
act as a content provider. The usage rules are then pushed to the content-receiving client 
from the network operator or the content provider. 

It has been recognized that a partial solution to the objective problems addressed in the 
10 background section may be to use a portable tamper-resistant device that can be moved 
between rendering or executing devices. However, if a user buys a new device, there is 
typically some cumbersome set-up procedure before the new device can be used. In 
addition, it might even be that not at all combinations of DRM devices and rendering 
devices are interoperable. 

15 

The basic idea according to the invention is to implement a DRM agent in a network 
subscriber identity module that is intended for cooperation with a client module, such as 
a mobile phone or a computer system. The DRM agent is generally implemented with 
functionality for enabling usage, such as tendering or execution, of protected digital 

20 content provided to the client from a content provider. In general, the DRM agent 
includes functionality for cryptographic processing of DRM metadata associated with the 
digital content to be rendered. This metadata may for example be key(s) and user data 
such as the encrypted digital content itself. Normally, the DRM agent includes some 
basic functionality for more or less directly generating or extracting a decryption key to 

25 be used for decrypting the encrypted digital content It is also possible to integrate the 
actual decryption of the digital content into the DRM agent, as well as functionality for 
rule-enfbtcement 



Due to tire inherent tamper-resistance of the SIM, a proper security configuration will be 
30 hard to override. By implementing the DRM agent in an SIM, the agent is potentially 
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more secure man in a hostile PC environment This is because the operating system 
platforms of PCs, e.g. Windows and Linux, are more well known by the public than 
corresponding platforms of SIM modules, which thereby become harder to attack and 
modify. The SIM is the base for a charging mechanism that can be used also for payment 
5 of digital content in the DRM system. 

The feet that the SIM normally is removably arranged in relation to the client module 
makes it easy to move the SIM, with its DRM agent, between different devices, and also 



10 

Although die DRM agent may be implemented as special hardware in the network 
subscriber identity module, die currently most preferred implementation concerns a 
software-based DRM agent It has been recognized that it is particularly advantageous to 
implement the DRM agent as an application in die application environment provided by 

15 the network subscriber identity module's application toolkit, such as the GSM SIM 
application toolkit (SAT) or the UMTS SAT (USAT). The DRM application agent can 
be preprogrammed into die toolkit application environment, or securely (preferably 
authenticated and encrypted) downloaded fiom a network operator associated with me 
subscriber identity module. The SAT provides an environment that can easily be 

20 upgraded with new software in a secure way, more of which below. 

In addition, the mobile operator's infrastructure can be used to solve the set-up 
problems associated with using die DRM agent with new rendering devices, as will be 
explained later on. 



25 



30 



Fig. 2A schematically illustrates a client module according a preferred embodiment of 
the present invention. The client or client module may be any form of appliance, which 
may order and obtain digital content over a network, for example a mobile phone with 
a SIM card removably arranged in a SIM card slot, or a personal computer equipped with 
a SIM card reader into which a SIM card is inserted. In this exemplary embodiment, the 
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client module comprises a network comrmmicatiofl unit, a network subscriber identity 
module and a rendering (or executing) device. The network communication unit 
implements a network communication protocol stack, and thus enables downloading 
or streaming of digital content ftom a content provider to me client, using wireless or 
5 non-wireless network communication. The network subscriber identity module, 
hereinafter simply referred to as a subscriber identity module or a SIM, may be any 
SIM known to tiie art, including standard SIM sards used in GSM mobile telephones, 
as well as UMTS SIM cards, and WAP SIM and ISIM modules. The SIM could also 
be issued by a non-telecommunication actor, e.g. a smart card issued by a bank to its 
10 customers. As mentioned above, the SIM comprises a DRM agent implemented in 
hardware, software or a combination thereof. The rendering device could also be 
implemented in software, hardware or a combination thereof. Preferably, «he rendering 
device includes a media processor, which may be soSware-impleinented, for rendering 
the digital content using eg. a screen or a loudspeaker, depending on the type of digital 
15 . content. The rendering device usually comprises some form of DRM functionality, for 
example Me-emftjrcement and typically also decryption of the protected media content 
based on a key generated by the SIM-based DRM agent 

The rendering device may be integrated into fee mobile unit or me PC, but can also be 
20 provided as a stend-alon© device directly (via suitable cranmanieation ports) or indirectly 
connected thereto. In the latter esse, the client may have one unit for downloading or 
: streaming of digital content and another physically separate unit for actually rendering 
me digital content, Le. the rendering device. The downloading or streaming unit may e.g. 
be a personal computer or mobile unit with suitable hardware/software for receiving the 
25 digital content. The protected digital content, together with a DRM-derived decryption 
key, may then be stored in or on some suitable portable media, including floppy disks, 
CD-ROM disks and DVD disks ftnr transfer to an external rendering device for 
decryption and subsequent nendering. to practice, however, it may be more convenient to 
transmit (he content to the rendering device via ordinary cables or by wireless 
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• oosnmuiaioBtioa with or without involving a netwoik. Typical stand-alone seafaring 
devices include Mp3 players, CD players, DVD players, other mobile units or PCs. 

As mentioned above, the DKM agent may preferably be implemented as a software 
5 application in the SIM, as schematically iltosfcated in Fig. 2B. The subscriber identity 
module preferably comprises an input/output unit, a resident subscription 
(GSM/UMTS/WAP) application, an AKA (Authentication and Key Agreement) 
module, a subscriber key k as wel as an application environment The I/O unit parses 
commands sent to the SIM and bandies communication with the internal fisnctions. 
10 The AKA module comprises algorithms for santeal authentication between client and 
network, and for deriving keys. This AKA tactic© typically uses a SM specific key, 
e.g. the subscription key k associated with me client-operator subscription, a key 
derived therefrom or a key x associated with the DKM agent ssmplemented in the SIM. 
It is also possible to use asymmetric cryptography for suwenucation purposes. This 
15 function could for instance be the GSM A3/A8 AKA algorithms. The application 
environment is advantageously provided by the application toolkit of me subscriber 
identity module. For a GSM SIM the application mvironment may be provided by the 
SIM Application Toolkit (SAT) [4], whereas the analogue application environment of 
UMTS SIM (USD*) is provided by UMTS SAT (USAT) [5]. 



20 



25 



30 



For a GSM SIM, the 3M-ME (SIM=Mobile Equipment) interface as defined in [61 
specifies the "commands" and data that can be sent to/from (he SIM/ME. For instance, 
to run me GSM A3/A8 AKA algorithms, there is a mUNjGSM.ALGOKITHMS"- 
cominand tor computes the response and the ciphering key from a random challenge 
RAND and the stored subscriber key, k. In the list of commands possible over me 
S1M-MB interface, we specially note the "ENVELOPE" command, which is intended 
to send moms or less arbitrary data to the SIM for use with me SIM Application Toolkit 
(SAT). The input/output format to the SIM is explicitly specified, butt these is a high 
degree of freedom exactly what the applications can do or not For instance, the 
application could be a quite general Java Applet, see [7]. The applet can be given 
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various degrees of authorization to access resident GSM-related files, one possibility 
being to give it "full GSM access". 

In a preferred embodiment of the invention, fhh DRM agent is implemented in the 
5 application environment provided by the SIM application toolkit, using the 
"ENVELOPE" command or an analogous command The SIM application toolkit thus 

: 

enables the operator to "hardcode", or download] over the air in the case of a mobile, a 
DRM agent application into the SIM besides the default GSM/UMTS/WAP 
application. In the latter download case, it is also possible (and strongly recommended) 

10 to authenticate the DRM application as coming from the right operator. This is 
important since it gives protection against downloading "viruses" from malicious 
servers. The downloaded DRM application can also be encrypted so that the content of 
it is not available outside the SIM. For security aspects related to GSM SAT, reference 
is made to [8], For communication between the DRM agent and the AKA module, 

IS there is preferably a direct interface between the AKA module and die SAT 
application environment 

By implementing the DRM agent of the SIM in the application environment, it is also 
possible to upgrade the functionality of die) DRM agent Upgrading? are simply 

20 downloaded using download commands associated with die client module, e.g. using the 
ENVELOPE command, and implemented in the client module. This is an advantageous 
solution if the DRM agent is broken or ''hacked", so that its code and/or secret keys 
become publicly available, e.g. on the Internet. Then, instead of changing all client 
modules, the associated DRM agent is simply updated by downloading and 

25 implementing new algorithms and or keys. On subsequent authentications, it can then be 
verified that the DRM agent is a compliant DRM agent of an allowed version . 

For more information on fundamental details of the GSM SIM specification, reference 
is made to [9]. 

30 
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For encryption and aisthenticatics m the DRM system, say ssandssrd cryptographic 
techniques may be used, including both symmetric and asymmetric encryption and 
authentication. Using symmetric encryption and/or asaihentic&tion, the encryption key is a 
shared symmetric key, a copy of which is stored both in the SIM and aft the network 

5 operator or contest provider. Alternatively, an asymmetric key pair may be used for 
encryption and amflientication based on a Public Key Inficastlmctoe (PKI). For 
asymmetric encryption, the public key is used for encryption and the corresponding 
private key for deciryption. For asyssmetric aulhcntication, the private ksy is used for 
signing and the corresponding public key for verification. Also, subscription-associated 

10 usernames and passwords may be vised in the contefc of sufeenticatioTa. If the client has 
one or several IP addresses associated thereto, such addness(es) can also be used for 
authentication* 

In flhe following, ihowever , encryption and authentication will mainly be described in the 
IS - context of symmetric cryptography, using the SIM subscriber key k and/or a DRM 
specific key s. The DRM specific key x, may be located anywhere in fee preferably 
in the application environment, and even integrated in the DEM agent 

Fig. 3 is a flow diagram fflBstea^mg & digital rights management mettad according to a 
20 preferred embodiment of the formation. The method is directed toward the network 
operator side of the overall DRM sysfissn, and concerns the downloading of a DRM agent 
into a SIM arranged in relation to a client module. As a secomsnended, but optional fest 
step (SI) mutual authentication is performed between client and opesator. The operator 
may optionally gememte authentication data for transmission to the SSM module of 
25 client to enable the client to authenticate that the DBM agent comes from a trusted 
operator. The operator performs a download (S2) 9 optionally auttoticated, of a DRM 
agent into the SIM, preferably as an SAT application using the "ENVELOPE* 1 
command. If required, for esample due to a security flaw, flae DRM agent may be 
remotely upgraded (S3) by the network operator, which downloads the required 
30 patches or entirely new DRM algorithms. The operator or content provider may also 
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authenticate that requesting elimts tor© SIM modules with compliant DRM agents, 
using any known au*ta>tication technique. This authentication of the DRM agent 
normally includes verification that the DRM agent is of a compliant type, hut 
preferably also includes DRM ages* version verification 

' 5 

Fig. 4 is a schematic diagram illustrating an example of client-operator mithentication 
key agreement client-side digital rights management, as well as the associated client- 
operator cosnmnsncBtaosn. In Ms particular example, the cKent sends an authentication 
tag, which preferably is dependent on sonne secret key met as a symmetric key steed 

10 by the SIM module and the operator, or a private key. to the case of symmetric 
authentication, which is assumed here, it is possible to use the subscriber key k and/or 
a special! DRM key x. The operator performs authentication k©y agreement (ASA) 
using atraadom challenge, rand, other optional user data, the key k and or the key x as 
input to a cryptographic fftenction f, thus generating a session key t to be used for 

15 secure communication between the client and the operator. TBxe operator sends the 
rand value, possibly together with an authentication tag, to the SSM module of the 
client The data is received by the client? s SIM module and, if an authentication tag is 
present, the SIM module first aufifoentieaBes the received data and! then runs the same 
AKA taction f with the same input to derive the session key t and a response, res. 

20 The response as sent back to the operator so that it can be verified that the operator is 
in contact with the right application In the following, B^m) Represents a message m, 
protected by a key z. "E" m intended to denote "encryption", but it may (and often 
should) also encompass authentication and integrity protection. Next, the client places 
an order, protected by the session key t, to the operator. The operator, which acts as an 

25 order server, generates a ticket and a ffurSher session key s, also referred to as a media 
protection key, and encrypts the ticket and the key s with flhe previously generated 
session key L The encsypted ticket and media protection key s is sent to the client, 
which invokes tine DRM agent in order to decrypt the ticket and the media protection 
key s by using the key t. The media protection key s together with the associated ticket 

30 is also securely forwarded to the content provider, which then encrypts the ordered 
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digital content by using die media protection key s and sends the protected media to 
the client Once received by the client, the protected media content is decrypted, either 
by the DRM agent or more likely by some DRM functionality present in the rendering 
device, using the media protection key s. 

5 

As previously indicated, the DRM agent implemented in the SIM basically includes 
functionality for cryptographic processing of DRM metadata associated with the digital 
content to be rendered This metadata may for example be one or several keys as well as 
encrypted information. Normally, the DRM agent includes some basic functionality for 
10 more or less directly generating or extracting a decryption key to be used for decrypting 
the encrypted digital content, as described below with reference to Fig. S. 



Fig, 5 illustrates a subscriber identity module and an associated rendering device 
according to an embodiment of the invention. The block diagram of Fig* 5 only illustrates 
IS those components that are relevant to the invention. Hie SIM module has an AKA 
module, and a DRM agent Among other things, the AKA module generates the session 
key t, preferably based on the subscriber key, k, and/or a special DRM key, x- The DRM 
agent comprises a cryptographic unit CI for extracting the media protection key (also 
referred to as a session key) s based on the session key t received from the AKA module 
20 and the encrypted information Et(s) received from the network operator. In this 
embodiment, the actual decryption of the media content takes place in the rendering 
device, which is integrated in the same module as the SIM or provided as an external 
stand-alone device directly or indirectly connected to the mobile, PC or other equipment 
in relation to which the SIM is arranged. The rendering device includes a DRM module, 
: 25 which in turn has a cryptographic unit C2 for decrypting the protected media content 
from die content provider by using the media protection key extracted by the DRM agent 
in the SIM module. The decrypted media content is finally sent to a media processor in 
the rendering device for preparing the actual rendering. 
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If the actual BenderingMecryption is don© in another tamper-resistant module, distract 
from the SIM, it might be advisable to configure t&afc M@ sad the SIM DRM 
application by a stored secret key, y, so that the media protection key s can be sent 
encrypted between the SIM md that device, as iUhostmted in Fig. 6* Now, the DRM 

5 agent in the SIM comprises two logically separated (jot practice, though, they may be 
implemented in oa© and the same Imdware/sofitware module) cryptographic waits CI 
and C3. The cryptographic unit CI is similar to that of Fig. 5, whereas the 
cryptograpMc unit C3 is configured to encrypt the protection key s by issiag the key y, 
before transmittal to the indexing device. The DRM modaale m the maderimg device 

10 now includes a cryptographic wrni OS for decrypting the encrypted key s by using the 
key y, and a ciryptographic unit C2 for decrypting the media content by rising the 



This also enables the BBA application to atathenflicate that it is in contact with sack a 
IS tamper resistant device. The SIM could either rely on isnptidt auShenticatian, ie. only 
a device knowmg the key y can decrypt t3ae key s, or perform an explicit authentication 
based on the key y. If th@ rendering device is a stand-alon© device, it is recommended 
that it has its own role-esforcement and is given the uisag© rallss in tihe ticket along 
with the media so tfhat itt cam act as an agent on behalf of the content owner/provider 
20 and assort that the usage rales are followed* Otherwise, for ©xsmpl© m a mobile mnit 
with its own indexing application, the rale ©©forcemeat could alternatively be 
' in the DRM agent 



As the key y is specific to the rendering device, die client (SIM) may establish a tost 
25 relation with thai device, in particular the very first time when the device is brand new. 
Note tot at is not secure to sansply write *Y* on tike cmtside of the device, as it could be 
copied and a cloned, and a nonsecure device could easily be created. Instead, the 
result of applying some cryptographic one-way Sanction h to 4h© key y may be 
attached to a "label" on tSfee rendering device when it is sold. Bach device is associated 
30 with a random, secret y«vatee, and when tihe buyer wishes to activate the device, he 
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sends h(y) to the operator (or another trusted certification party) who checks that h(y) 
is assigned to a valid device and updates the DRM application in the SIM with the key 
y. It is assumed that the operator has some secret key that enables him, and no one 
else, except possibly the device manufacturer to invert the function h. The value y can 

5 be checked to verify that only "authentic" (i.e. not stolen, hacked or otherwise 
compromised) rendering devices, ones with "valid" y-values, are used in the system, 
and if a user purchases a new rendering device, he can add support (a new key in his 
SIM) for it in a simple way. This can be used for certification and registration, in said 
subscriber identity module, of various rendering devices with which the client (SIM) 

10 wants to establish trust relations. 



It should though be understood that the response of sending the "labeled" identification 
key to the certification party may be any a representation of the rendering device key y 
allowing the DRM agent to derive the key y . 

15 

Due to the limited processing capacity of the SIM modules of today, it is normally 
recommendable to perform die actual decryption of die digital content in die rendering 
device. However, with increased processing capacity in die SIM, it is equally feasible to 
integrate die decryption of die content into the DRM agent, as illustrated in Fig* 7. Here, 
20 die SIM comprises both the cryptographic unit CI for generating the media protection 
key s, and die cryptographic unit C2 for decrypting the encrypted media content using die 
protection key s from die cryptographic unit CI. The decrypted media content is then 
sent to die rendering device for processing and tendering. 

25 For a more complete understanding, an exemplary SAT-based solution will now be 
described with reference to Figs. 8 and 9, which schematically illustrate the overall DRM 
protocol and the corresponding block diagram, respectively. 

As mentioned, in a DRM solution, part of die processing normally must take place in a 
30 tamper resistant device, preferably a SIM. Typically, a container is downloaded that 
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comprises key(s) and/or data, and this key(s)/data seed to be processed in a protected 
environment Heire, the processing behavior could be entirely specified by a SAT 



existing on the card, reusing the operator-subscriber relation. Using SAT in this 
5 context is not the same as using a "true" tamper resistesmt module, but it is more secure 



using hard-wired tamper resistant modules. If a security flaw is found, the card is 
easily upgraded (even- over the air) by a new set of ORM processing atfgoritfasm. 
In this example, it is assumed that Sue SIM card contains k, the usual subscriber key. 
10 The SUM also contains an application environment (e.g. SAT/USAT) that is 
premanufactmed with a DRM application, or alternatively, the DRM application is 
securely (encrypted and authenticated) downloaded. Also, a second key, x, specific for 
DRM purposes is present in the SIM and at the operator. Like k, alsox is stored so that 
it cannot be read out of the SM card Note though that x may be stored in software, 
IS e.g. as part of the DRM application, if enough protection can be guaranteed. Besides 
the network opemtor, there is a content provider, which, if distinct fimm the operator, 
has a contractual agreement with ^eopemtc^, manifested by a shared key c. 

First, and optionally, each time the DRM agent in the SIM is to be invoked, the 
20 application verifies that it is running in a trusted environment, e.g. by a mutual 
authentication protocol. This protocol could b© based on knowledge of the key x, or 
some other in&smation shared between the SIM and the device with which the SIM is 
related, e.g. another key y. This might be desirable in cases where the whole SM can 
be moved between devices, in which case there is one unique key, y, for each device 
: 25 the SIM is uxsed with. Such solutions are (partly) already available in mobile phones, in 
order to lock the SIM to a specific mobile (so caffled SIM-lock feature). 




ithms 



pre- 



than performing the processing in a hostile PC environment and more flexible than 



30 



When the laser has decided what media he wants (aaad possibly paid for it, if payment 
is not done afterwards or during the session), he notifies fee network operator that he 
wishes to use the DRM application, and the operator psorfforms authentication and key- 
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agreement using a irsaadom challenge rand, other optional user data, the key x and 
optionally also the key k. This authentication could optionally have been done before, 
e.g. when gaining netwosk access. The key k is used when it is necessary or 
% appropriate to tie the key generation to the subscription as such. This AKA is done 
5 using some cryptographic function f, which, in case we desist dependence also on k, 
may partially consist of the noirmal SIM authentication algorithm. 

In other words, the operator sends rand (and optional [nse?jd&fi&], if not already known 
by the DRM application on the SIM) to the SIM (see (1) in Fig. 9)- The information 

10 sent is preferably authenticated, e.g. by a key derived feom k and/or s in a similar way. 
The data is received by the DRM application on She SIM, which, if an authentication 
tag is present, first authenticates the received data, and then suns the same function f to 
derive the session key, t and the response, res. This response is sent back to the 
operator so that the operator can verify that it is in contact with the right application. 

15 Subsequently, the application places an order (protected by tine key t) on what media 
and what rights it wishes to gain to the operator. The order is typically generated by a 
browser application in the device, which passes it to the AKA module or DRM 
. application for encryption (note that the browser application is in this case also a 
trusted and authenticated application, or the user must be given the possibility to 

20 conftafl the placed order). The operator returns a session key s, along with a ticket 
describing the ordered media and rights. This session key is to be later used for the 
actual media protection. The ticket and the session key s are sent in duplicates. One is 
protected by tine key c (faaown only to the content provider and the operator), the other 
is protected by the key t (known only to the client and the operator). The client 

25 decrypts the ticket and the key s and checks that tiae ticket corresponds to the earlier 
placed order. 

The key s can now be output to another application in the device (not necessarily on 
the SIM itself), or, to a completely stand-alone ©eternal device, that using the key s 
30 later decrypts th© received media and senders it to the user. Note that it may be the 
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case that the actual rendering/decryption is done in another tamper-resistant module, 
distinct from the SIM- If so, as mentioned above, it might be advisable to configure 
(hat device and the SIM DRM application by a shared secret key, y, so that s can be 
sent encrypted between the SIM and that device (see (2) in Fig. 9). This also, as 

5 discussed above, enables the SIM application to authenticate that it is in contact with 
such a tamper resistant device. The SIM could either rely on implicit authentication 
(i.e. only a device knowing the key y can decrypt the session key s), or perform an 
explicit authentication based on the key y. If the rendering device is "stand-alone" it is 
recommended that it has its own rule-enforcement and is given the usage rules in the 

10 ticket along with the media so that it can act as an agent on behalf of the content 
owner/provider and assert that the usage rules are followed* The rule enforcement 
could alternatively be implemented in the SIM, or distributed between die SIM and the 
rendering device. 

15 The client next sends the ticket and session key s (still protected by the key c) to the 
content provider (see (3) in Fig. 9). The content provider removes the protection from 
the ticket and extracts the key s* If this is successful, the content provider knows that 
the ticket originated from an operator with whom he has an agreement If any set-up 
messages are needed between the client and the content provider prior to sending the 

20 media, this traffic is protected by the key s (or some other key derived from s). Finally, 
the content provider encrypts the media by the session key s, and sends (downloads or 
streams) it to the rendering device (see (4) in Fig. 9). 



It is also possible to let the rendering device authenticate that the media protection key 8 
25 really comes from a SIM that has been paired with the rendering device through the 
shared secret key, y. 

Note that if the rendering device is to be transferred to another user, having another 
DRM agent, it is normally recommended that the "y" the rendering device be 
30 upgraded, so that the old DRM agent cannot be used with it anymore. This could be 
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done by an authorized service point, or remotely over a network. On the other hand, 
there could also be cases when it is desired that the same device can be used by two (or 
more) different DRM agents. 

5 It is also recognized that the use of "keys" inside devices could be used for anti-theft 
purposes: without knowing the key, the device is useless, and if someone tries to 
configure a device, it could be checked against a register of stolen devices. 

The ticket-based protocol above is of course not the only possible; many variations 
10 exist as can easily be seen by those of ordinary skill in the art. 

The invention fits well into the emerging WAP-DRM standard. The Wireless 
Application Protocol (WAP) is standardized by WAP-Fomm. There is currently 
ongoing work to come up with a way to enforce DRM in the scope of WAP [10, i 1]. 
IS At present, the standardization work is mainly targeted at download. 

The WAP solution separates the media download of a DRM object in two parts: the 
media object and the rights object The download can be performed using one of three 
defined methods: 

20 

• Forward-lock: The client downloads only the media object The media object 
has some simple default rights, e.g. a "preview object", and can not be 
forwarded to another user. 
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25 • Combined download: The client downloads both the media object and the rights 
object 

• Separate delivery. The client downloads the media object, which is encrypted 
with a key CEK (Content Encryption Key). The rights object can later (or 
30 simultaneously) be pushed to the client 
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The client is assumed to be an authorized entity, i.e. the device in which it resides can 
trust that the client behaves in a good way, and obeys any rights imposed by a rights 
object No non-authorized entity, e.g. a text-editor or a game that is installed in the 
device has access to the DRM objects in unencrypted form (possibly not even in 
5 encrypted form). 

Hie WAP DRM client defined in [10, 11] can suitably be implemented as an SAT 
application in an SIM-card as described above. The WAP-DRM standard however, 
assumes that the media rendering device and the download client both resides in the 
10 same physical entity. This limitation can be relaxed without violating the WAP-DRM 
standard by configuring die rending device and the SIM DRM application by a shared 
secret key, y, so that the CEK key can be sent in protected form between the SIM and 
the rendering device. 

15 The Forward-lock and Combined download models specify that the media and rights 
are downloaded to the DRM client According to the invention, the rights object may 
be included in the ticket, and the media object may be downloaded to the rendering 
device. Note that in this respect there is no real difference between download and 
streaming. In references [10, 11] that are mainly targeted at download, there is a 
20 suggestion to perform streaming by downloading an SDP description of the stream in 
the media object, and then use that description to set up the streaming session. It poses 
no problems at all to fit that into the solution proposed by the invention, the SDP 
description is simply passed inside the ticket. For information on SDP, reference is 
made to [12]. Preferably, the DRM client implemented in the application environment 
r 25 of the SIM also includes functionality for checking that the forward-lock function of 
flie WAP Protocol is not violated. 



30 



The Separate delivery model specifies a way to first download the media object, and 
then separately download, or ratter push, the rights object to the client. The invention 
can be used also in the implementation of this model. The media object is protected by 
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a Content Encryption Key (CEK). With the notation used in the protocol of the 
invention, the media protection key 8 is an instantiation of the CEK. The invention also 
provides a way to authenticate the download client to the device and vice versa, e.g. 
based on the key x. This authentication is left as "out of scope** in [10, 1 1]. 

5 

The embodiments described above are merely given as examples, and it should be 
understood that the present invention is not limited (hereto. Further modifications, 
changes and improvements which retain the basic underlying principles disclosed and 
claimed herein are within the scope and spirit of the invention. 
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1 . A network subscriber identity module adapted for cooperation with a client 
module capable of receiving digital content provided from a content provider over a 

5 network, 

wherein said network subscriber identity module comprises a digital rights 
management (DRM) agent for enabling usage of said digital content 

2. The network subscriber identity module according to claim 1, wherein said 
10 DRM agent is implemented as an application in the application environment provided 

by an application toolkit associated with said network subscriber identity module. 

3. The network subscriber identity module according to claim 2, wherein said 
DRM agent application is downloaded into said network subscriber identity module 

15 from a network operator associated with said network subscriber identity module. 

4. The network subscriber identity module according to claim 3, wherein said 
DRM agent application is remotely upgradeable. 

20 5. The network subscriber identity module according to claim 3, wherein said 

network subscriber identity module includes means for authenticating mat said DRM 
agent application comes from said network operator. 

6. The network subscriber identity module according to claim 5, wherein said 
.* 25 network subscriber identity module and said associated network operator share a 
r \ ; common key, and said authenticating means is operable for authenticating said DRM 

*. : agent application based on said common key. 



29 

CLAIMS 



30 



7. The network subscriber identity module according to claim 6, wherein 
common key is a subscriber key of said network subscriber identity module. 
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8. The network subscriber identity module according to ciam fc'wtKJeSPsaid 
DRM agent includes functionality for cryptographic processing of DRM metadata 
associated with said digital content 

5 9. The network subscriber identity module according to claim 1, wherein said 

DRM agent implemented in said network subscriber identity module includes 
functionality for generating a decryption key that is to be used for decrypting 
encrypted digital content provided from said content provider. 

10 10. The network subscriber identity module according to claim 9, wherein said 

network subscriber identity module and an associated network operator share a 
common key, and said decryption key generating functionality is operable for 
generating said decryption key at least partly based on said common key. 

15 11. The network subscriber identity module according to claim 10, wherein said 

common key is a subscriber key of said network subscriber identity module. 

12. The network subscriber identity module according to claim 10, wherein said 
common key is a special DRM key stored in said network subscriber identity module. 



20 



25 



13. The network subscriber identity module according to claim 12, wherein said 
DRM agent is implemented as an application in the application environment provided 
by an application toolkit associated with said network subscriber identity module, and 
said special DRM key is also stored in said application environment 

14. The network subscriber identity module according to claim 9, wherein said 
DRM agent implemented in said network subscriber identity module further includes 
functionality for decrypting said encrypted digital content by means of said generated 
decryption key. 
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1 5. The network subscriber identity module according to claim 1, wherein said 
DRM agent implemented in said network subscriber identity module includes 
functionality for enforcement of usage rules associated with said digital content 

5 16. The network subscriber identity module according to claim 1, wherein said 

DRM agent implemented in said network subscriber identity module includes 
functionality for certification and registration, in said network subscriber identity 
module, of a rendering or executing device. 

10 17. The network subscriber identity module according to claim 1 , wherein said 

DRM agent implemented in said network subscriber identity module includes 
functionality for checking that the forward-lock function of the Wireless Application 
Protocol (WAP) is not violated. 

15 18. A network subscriber identity module comprising digital rights 

management functionality. 



19. A client module comprising: 

means for receiving digital content provided from a content provider over a 
20 network; and 

a network subscriber identity module implemented with a digital rights 
management (DRM) agent for enabling usage of said digital content. 

' . 20. The client module according to claim 19, wherein said DRM agent is 

./ 25 implemented as an application in the application environment provided by an 

- • 

\ : \ application toolkit associated with said network subscriber identity module. 

► * 

21. The client module according to claim 20, wherein said DRM agent 
application is downloaded into said network subscriber identity module from a 
!. : 30 network operator associated with said networic subscriber identity module* 
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22. The client module according to claim 21, wherein said DRM agent 
application is remotely upgradeable. 

23. The client module according to claim 21, wherein said network subscriber 
5 identity module includes means for authenticating that said DRM agent application 

comes from said network operator. 

24. The client module according to claim 23, wherein said network subscriber 
identity module and said associated network operator share a common key, and said 

10 authenticating means is operable for authenticating said DRM agent application based 
on said common key. 

25. The client module according to claim 24, wherein said common key is a 
subscriber key of said network subscriber identity module. 

15 

26. The client module according to claim 19, wherein said network subscriber 
identity module is removably arranged in relation to said client module. 

27. The client module according to claim 19, wherein said DRM agent includes 
20 functionality for cryptographic processing of DRM metadata associated with said 

digital content. 

28. The client module according to claim 19, wherein said DRM agent 
implemented in said network subscriber identity module includes functionality for 

25 generating a decryption key to be used for decrypting encrypted digital content 



29. The client module according to claim 28, wherein said network subscriber 
identity module and an associated network operator share a common key, and said 
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decryption key generating functionality is operable for generating said decryption key 
at least partly based on said common key. 

30. The client module according to claim 29, wherein said common key is a 
5 subscriber key of said network subscriber identity module. 

31. The client module according to claim 29, wherein said common key is a 
special DKM key stored in said network subscriber identity module. 

10 32. The client module according to claim 31, wherein said DRM agent is 

implemented as an application in the application environment provided by an 
application toolkit associated with said network subscriber identity module, and said 
special DKM key is also stored in said application environment 

15 33. The client module according to claim 28, wherein said DRM agent 

implemented in said network subscriber identity module further includes functionality 
for decrypting said encrypted digital content by means of said generated decryption 



20 



34. The client module according to claim 19, wherein said DRM agent 
implemented in said network subscriber identity module includes functionality for 
certification and registration, in said network subscriber identity module, of a 
rendering or executing device. 

35. The client module according to claim 34, wherein said client module 
includes means for transmitting, to a trusted certification party, an identification key of 
a tendering or executing device to be registered, and in response thereto, receiving a 
representation of a device key, and wherein said DRM agent in said network 
subscriber identity module includes means deriving, based on said representation, said 

30 device key for storage in said network subscriber identity module. 



25 
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36. The client module according to clahn 35, wherein said DRM agent 
includes: 

functionality for generating a decryption key to be used for decrypting 
encrypted digital content provided from a content provider, and 
5 - functionality for encrypting me digital-content decryption key by said 

device key and for transferring said encrypted digital-content decryption key to said 
rendering or executing device. 

37. The client module according to claim 19, wherein said DRM agent 
10 implemented m said network subscriber identity module includes functionatity for 

checking that the forward-lock function of die Wireless Application Protocol (WAP) is 
not violated. 

38. The client module according to claim 19, further comprising a rendering or 
15 executing device for rendering or executing said digital content 

39. The client module according to claim 38, wherein said DRM agent and/or 
said rendering or executing device includes functionality for enforcement of usage 
rules associated with said digital content 

20 

40. A client-server based digital rights management (DRM) system, wherein 
die client module comprises: 

t : _ means for receiving digital content provided from a content provider over a 

| network; and 

""*: 25 a network subscriber identity module implemented with a digital rights 

:.: : management (DRM) agent for enabling usage of said digital content. 

mmmm 

*■ • 

'{.'} 41. The DRM system according to claim 40, wherein said DRM agent is 

• a 

I . implemented as an application in the application environment provided by an 
30 application toolkit associated with said network subscriber identity module. 
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42. The DRM system according to claim 41, wherefe saS4 , t^Kf n agent 
application is downloaded into said network subscriber identity module from a 
network operator associated with said network subscriber identity module. 

5 43. The DRM system according to claim 42, wherein said DRM agent 

application is remotely upgradeable. 

44. The DRM system according to claim 42, wherein said network subscriber 
identity module includes means for authenticating that said DRM agent application 

10 comes from said network operator. 

45. The DRM system according to claim 44, wherein said network subscriber 
identity module and said associated network operator share a common key, and said 
authenticating means is operable for authenticating said DRM agent application based 

IS on said common key. 

46. The DRM system according to claim 45, wherein said common key is a 
subscriber key of said network subscriber identity module. 

20 47. The DRM system according to claim 40, wherein said network subscriber 

identity module is removably arranged in relation to said client module. 

48. The DRM system according to claim 40, wherein a network operator/ 
content provider comprises means for authenticating that said network subscriber 
\ 25 identity module comprises a compliant DRM agent. 

'• : 49. The DRM system according to claim 40, wherein said DRM agent includes 

functionality for cryptographic processing of DRM metadata associated with said 
•! digital content 
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50. The DRM system according to claim 40, wherein said DRM agent 
implemented in said network subscriber identity module includes functionality for 
generating a decryption key that can be used for decrypting encrypted digital content 
provided from said content provider. 

5 

51. The DRM system according to claim 50, wherein said network subscriber 
identity module and an associated network operator share a common key, and said 
decryption key generating functionality is operable for generating said decryption key 
at least partly based on said common key. 



10 



52. The DRM system according to claim 51, wherein said common key is a 
subscriber key of said network subscriber identity module. 

53. The DRM system according to claim 51, wherein said common key is a 
15 special DRM key stored in said network subscriber identity module. 

54. The DRM system according to claim 53, wherein said DRM agent is 
implemented as an application in the application environment provided by an 
application toolkit associated with said network subscriber identity module, and said 

20 special DRM key is also stored in said application environment. 

55. The DRM system according to claim 50, wherein said DRM agent 
"**' implemented in said network subscriber identity module further includes functionality 
J . for decrypting said encrypted digital content by means of said generated decryption 
: 25 key. 

V » - 
• * * » 

7-A 56. The DRM system according to claim 40, wherein said DRM agent 

S \ implemented in said network subscriber identity module includes functionality for 
j certification and registration, in said network subscriber identity module, of a 

• mm 

30 rendering or executing device. 
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57. The DRM system according to claim 56, wherein said client module 
includes means for transmitting, to a trusted certification party, an identification key of 
a rendering or executing device to be registered, and in response thereto, receiving a 
representation of a device key, and wherein said DRM agent in said network 
5 subscriber identity module includes means for deriving, based on said representation, 
said device key, and means for storing said device key in said network subscriber 
identity module. 

58. The DRM system according to claim 57, wherein said DRM agent includes: 
10 - functionality for generating a decryption key to be used for decrypting 

encrypted digital content provided from a content provider; and 

functionality for encrypting the digital-content decryption key by said 
device key and for transferring said encrypted digital-content decryption key to said 
rendering or executing device. 

15 

59. The DRM system according to claim 40, wherein said DRM agent 
implemented in said network subscriber identity module includes functionality for 
checking that the forward-lock function of the Wireless Application Protocol (WAP) is 
not violated. 

20 

60. The DRM system according to claim 40, wherein said client module further 
comprises a rendering or executing device for rendering or executing said digital 
content. 

: " : 25 61 . The DRM system according to claim 60, wherein said DRM agent and/or 

said rendering or executing device includes functionality for enforcement of usage 
rules associated with said digital content 
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62. A digital rights management (DRM) method comprising the step of: 

a network operator downloading, over a network, a DRM agent into a 
network subscriber identity module arranged in relation to a client module. 

5 63. The DRM method according to claim 62, wherein said DRM agent is 

downloaded as an application into the application environment provided by an 
application toolkit associated with said network subscriber identity module. 

64. The DRM method according to claim 62, further comprising the step of said 
10 network operator generating authentication data for transmission to said network 

subscriber identity module, thus enabling authentication that said DRM agent comes 
from said operator. 

65. The DRM method according to claim 64, wherein said network subscriber 
IS identity module and said network operator share a common key, and said 

authentication data is generated based on said common key. 

66. The DRM method according to claim 65, wherein said common key is a 
subscriber key of said network subscriber identity module. 

20 

67. The DRM method according to claim 62, wherein said DRM agent is 
remotely upgraded by said network operator. 



68. The DRM method according to claim 62, further comprising the step of a 
7 25 network operator/content provider authenticating that said network subscriber identity 
V module comprises a compliant DRM agent. 

m 
p » 

"; 69. The DRM method according to claim 62, wherein said DRM agent is 

implemented with functionality for enabling usage of digital content in said client 
": 30 module. 
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70. The DRM method according to claim 69, wherein said DRM agent is 
implemented with functionality for cryptographic processing of DRM metadata 
associated with said digital content. 

5 71. A client module comprising: 

means for receiving digital content provided from a content provider over a 

network; and 

a network subscriber identity module implemented with a digital rights 
management (DRM) agent, said DRM agent including: 

functionality for generating a decryption key to be used for decrypting 
encrypted digital content provided from a content provider; and 

functionality for encrypting the digital-content decryption key by a 
specific device key and for transferring said encrypted digital-content decryption key 
to a rendering or executing device. 

72. The client module according to claim 71, wherein said DRM agent includes 
means for authenticating that ft is in contact with a certified tamper resistant rendering 
or executing device based on said specific device key. 



10 



15 
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ABSTRACT OF THE DISCLOSURE 



The invention relates to digital rights management, and proposes the implementation of a 
DRM agent into a network subscriber identity module intended for cooperation with a 

5 client module, such as a mobile phone or a computer system. The DRM agent is 
generally implemented with functionality for enabling usage, such as tendering or 
execution, of protected digital content provided to the client from a content provider. In 
general, me DRM agent includes functionality for cryptographic processing of DRM 
metadata associated with the digital content to be rendered. In a particularly 

10 advantageous realization, the DRM agent is implemented as an application in toe 
application environment provided by the network subscriber identity module's 
application toolkit The DRM application agent can be preprogrammed into the toolkit 
application environment or securely (preferably authenticated and encrypted) 
downloaded from a network operator associated with die subscriber identity module. 

15 

(Fig. 2) 
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